Your business-class photocopier is essentially a computer that can be hacked. It has a hard drive and saves an image of everything you copy. Customer data, invoices, employee records, intellectual capital, personal identity. This is not new information – we’ve been writing about it for years. But the press is finally beginning to pay attention because they have seen for themselves the type of data that can be extracted from corporations by purchasing their used copiers (see the excellent CBS video to the left).
If you’ve attended one of my Privacy Survival Boot Camps or have seen me speak for your organization, you will recognize the spy terminology below, which I use to train people to evaluate privacy risks effectively. Here is a brief primer to help you get started on protecting your business from this threat:
Stopping Photo Copier Information Leakage
- Verify whether or not your existing copier has a hard drive. You should contact the business that sold you the copier for details. If you do have a hard drive, ask them if it is password protected and encrypted (unless you paid something extra when you bought it, it is not).
- Ask them how you can take control of the situation. Is there a way to regularly scrub the hard drive (e.g., after each copy job, once the hard drive is through speeding up that particular job)?
- What are your options? Can you purchase an encryption feature that blocks unauthorized access to your photocopier? If your copier is on your local network, are outside users easily able to hack into the hard drive?
- Stop using public photocopiers to copy private materials (Kinkos, CopyMax, Library, etc.) as you have no idea how they store or dispose of the images containing your sensitive data.
- Stop using your hard-drive-based photocopier to copy sensitive documents. Purchase an inexpensive photocopier (like an HP) to copy sensitive documents. The cost per page will be more (especially if it uses ink instead of toner), but avoiding the long-term cost of excessive data storage will save you in the long run. Remember, your data is just like money to a data thief.
If you are serious about protecting your business, start with the items above and then bring an information privacy professional to your organization to help you with this and the handful of other data security issues that face your organization.